[wp-hackers] Single sign-on SSL domain
shacker at birdhouse.org
Wed Jul 22 22:00:04 UTC 2009
I'm in a situation where all WP logins will need to go SSL. We have a
lot of domains but not a lot of IP addresses to go around.
Historically all of our domains have been vhosts on a single server.
But since SSL requires one IP per domain, we're kind of stuck.
Two possibilities we're considering:
1) Require all logins to be OpenID, pushing the login process off to
another server so we don't have to worry about it. The challenge here
is that the existing OpenID plugin for WP does not provide a way to
*force* OpenID logins. Submitted a ticket to that project asking for
the feature, but no response in two weeks.
2) Somehow configure apache to route login requests to a central
domain for sign-in. So:
ssldomain.edu <-- has cert
Attempting to log in at domain.org would pass the user to
ssldomain.edu for authentication and then back to domain.org. I
believe I can use an apache Alias system so that the user would really
be at ssldomain.edu/domain.org but would appear to be at domain.org.
Has anyone tried something like this? Tricky? Successful? Pitfalls?
Recipes to share? What would need to happen on the WP side to work
with a system like this? Is it even possible?
3) Other... ?
Thanks for any suggestions.
More information about the wp-hackers